From 81cf619f07ece08f8d9e62fc1e51c3f652ba3e58 Mon Sep 17 00:00:00 2001
From: Andrew Mayorov <encube.ul@gmail.com>
Date: Mon, 25 Sep 2023 14:24:30 +0300
Subject: [PATCH 1/2] fix(ftconf): also mark `secret_access_key` key as
 sensitive

---
 apps/emqx_utils/src/emqx_utils.erl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/emqx_utils/src/emqx_utils.erl b/apps/emqx_utils/src/emqx_utils.erl
index e21affce6..2d237078b 100644
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -632,6 +632,9 @@ is_sensitive_key(<<"proxy-authorization">>) -> true;
 is_sensitive_key(secret) -> true;
 is_sensitive_key("secret") -> true;
 is_sensitive_key(<<"secret">>) -> true;
+is_sensitive_key(secret_access_key) -> true;
+is_sensitive_key("secret_access_key") -> true;
+is_sensitive_key(<<"secret_access_key">>) -> true;
 is_sensitive_key(secret_key) -> true;
 is_sensitive_key("secret_key") -> true;
 is_sensitive_key(<<"secret_key">>) -> true;
@@ -779,6 +782,7 @@ redact_test_() ->
         'proxy-authorization',
         secret,
         secret_key,
+        secret_access_key,
         security_token,
         token,
         bind_password

From ddf6cdc0a2726394eb90c2d81f3b8fc9854c69ef Mon Sep 17 00:00:00 2001
From: Andrew Mayorov <encube.ul@gmail.com>
Date: Mon, 25 Sep 2023 14:57:42 +0300
Subject: [PATCH 2/2] chore: add changelog

---
 changes/ce/fix-11676.en.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changes/ce/fix-11676.en.md

diff --git a/changes/ce/fix-11676.en.md b/changes/ce/fix-11676.en.md
new file mode 100644
index 000000000..f91ce62e4
--- /dev/null
+++ b/changes/ce/fix-11676.en.md
@@ -0,0 +1 @@
+Hide few pieces of sensitive information from debug-level logs.